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Ameadmeate to the Claims; 

This listing of claims will replace &\1 prior versions, and Ustings, of claims in the 
application: 

Listing of Claims: 

Claim 1 . (currently amended) A method for network defense, comprising the steps 
of: 

detecting mission events by processing communications packets and traffic 

streams; 

forming mission tracks by processing said mission events, 
determining active mission types» using saidmiMion eyents; 
determining state of each mission, using said mission events, inclnding 
producing a mission state vector for each mission: 

estimating mission sensitivities by processing said mission tracks; 
prioritizing network operations by processing said mission sensitivities; 

and 

coirelating network alarms to missions by processing said mission 
sensitivities, 

wherein said steps include a database of dynamic and a priori information, 
wherein the step of estimating missio n sensiUvities by processing said 

missionla^cks comprises estimating mission sensitivity to network peituibations, 

using misswn tracks . 
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Claim 2. (currently amended) The method of claim I wherein tfee-st^-ef 
said detecting mission events by processing corammiications packets comprises 
el- 
receiving said communications packets; 

extracting said communicated information from said commtmication 
packets and trafSc streams; 

creating homogenous information packages, from said communicated 
information; and 

detecting mission events by processing said homogeneous information 
package? i 

Claim 3 - 4 (cajticeled) 

Claim 5. (Original) The method of claim 1 , wherein prioritizing network 
operations by processing said mission sensitivities comprises ordering said list of 
network operations by comparing said mission sensitivities. 

Claim 6. (currently amended) The method of claim 1, wherein tibe-step^ said 
correlating network alarms to missions by processing said mission sensitivities 
comprises ing creating a list of relationships between each network alarm and each 
mission using said mission sensitivity values. 

Claim 7. (currently amendedl) The method of claim 4 1, wherein network 
perturbations comprise modifications to network devices, protocols, policies, or 
architecture thirough network management courses of actions. 

Claim 8, (ciirrmtly amended) Hie method of claim 4 1, wherein network 
perturbations comprise modifications to network devices, protocols, policies, or 
architecture through attacks on network devices, protocols, policies, or 
architecture. 
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Claim 9, (currently amended) Th e m e thod of eifdm - l . , A method for network 

detectin g mission events by proce ssing comtmnk packets Md tiutlSc 



forming missim tracfe j»ooe^^ 

estimati ng mission sensitivities by processing said mission tracks; 
g ripritizing network 



sensitivities, 

wherein said step s iitciudg a database of dynamic ai^d a priori inforroation, 
wherein the step of estimating mission sensitivities by processing said 

Mssion tracks comprises estimating mission sensitivity to network perturbations. 

using mission tracks, 

wherein said database of dynamic and a priori information comprises: providing a 
database of performance statistics and observation logs from earlier missions; 
providing a set of prespecified mission types; for each mission type, providing a 
set of prespecjfied missioii states; for each mission t>'pe, providing a set of 
prespecified mission events; providing a set of prespecitied network perturbations; 
providing a set of weighted mappings from network components to mission states; 
providing a set of weighted mappings from network components to mission events; 
providing a set of mappings from network perturbations to network components; 
providing a set of prespecified network alamis; providing a rule base for updating, 
adapting, and modifying mission types, mission states, mission events, network 
perturbations, network alamis, and mapping using said performfflice statistics and 
observation logs. 

Claim 10. (Original) The method of claim 2, wherein said communicated 
information comprises packet source information, destination addresses and port 
information. 
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Claim 1 1 , (Original) The method of claim 2, wherein the step of extracting said 
communicated infomation comprises scanning said communicated packets as an 
unstructured data stream. 

Claim 12. (Original) The method of claim 2, wherein the step of extracting said 
coramu33icated information comprises comparing traffic stream characteristics to 
known usage patterns. 

Claim 13. (currently amended) The method of claim ^ 1, wherein the active 
mission types are determined through the use of a HMM. 

Claim 14, (currently amended) The method of claim 3^ I, wherein tlie state of 
each mission is determined through the use of a HMM, 

Claim 15, (Ori^nal) The method of claim 1 3, wherein mission HMM component 
determination comprises comhining performance statistics Scorn earlier missions 
with an Operational Sequence Diagmm. 

Claim 16, (Original) The method of claim 14, wherein mission BMM. component 
determination comprises combining performance statistics fiom earlier missions 
with an Operationd Sequence Diagram. 

Claim 17. (currently amended) The metliod of claim 3^ 1, wherein the step of 
determining said actiive mission types is performed inductively . 

Claim 1 S. (currently amended) The method of claim 1 7, wherein the step of 
determining said active mission types inductively, is through the use of ^ a 
forward algorithm. 
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Claim 19, (currently amended) The method of claim 4 1, fiirther comprising 
thfr s t e p s of : 

using a system dynamics model and a set of network perturbations to 
produce a nominal veision of the mission state at k+1 and a perturbed version of 
the mission state at k+l; 

propagating out the nominal version of the mission state at k+ 1 and the 
perturbed version of the mission state at k+i, to a computation horizon; and 

computing the difference between the overall mission effectiveness along 
the nominal version of the mission state and tbe pertuihed version of the mission 
state. 

Claim 20 (cuirently amended) The metliod of claim 4-1, wherein the stq? of 
said estimating mission sensitivity to network perturbations comprises using a 
closed-form expression to compute mission sesisitivities. 

Claim 2i, (Original) The method of claim 19, wherein said set of network 
perturbations comprises a set of alternative network operation COAs. 

Claim 22. (Original) The method of claim 19, wherein said set of network 
perturbations comprises a set of attacks on network devices, protocols, policies, 
and architecture. 

Claim 23. (Original) The method of claim 20, wherein said set of network 
perturt>ations comprises a set of alternative network operation COAs. 

Claim 24. (Original) The method of claim 20, wherein said set of network 
perturbations comprises a set of attacks on network devices, protocols, policies, 
and architecture. 

Claim 25 - 32 (creeled) 
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